Two events in 2006 changed the way federal agencies and contractors viewed and understood cybersecurity. Those two now-seminal events brought cybersecurity out from underneath the IT blanket and into the mainstream. In our special report, Cybersecurity Rising, Federal News Radio looks back at how those events influenced significant change in securing federal systems and how senior leaders talk about and grasp the importance of cybersecurity.

Email this article to a friend

Top Cybersecurity Accomplishments, 2006-2012

Thursday - 10/25/2012, 3:13am EDT

Compiled by Federal News Radio staff

Federal News Radio polled current and former federal cybersecurity experts for
their opinion on what were the most significant cybersecurity accomplishments since 2006 to secure federal networks and improve public-private partnerships. The list below blends suggestions of more than 10 authorities on federal cybersecurity. The accomplishments are in no particular order.

Comprehensive National Cybersecurity Initiative

— The
White House developed the Comprehensive National Cybersecurity Initiative
(CNCI) in 2008 —
including the Trusted Internet Connections (TIC) Initiative and Einstein 3
intrusion detection and prevention program. It was the first governmentwide policy
to address the threats and challenges in cyberspace.

DoD Information Sharing

— DoD created the
Defense Industrial Base pilot to
enhance the
security of the defense supply chain. It also put the Defense Cyber Crime Center
(DC3) on the map as the DIB front door helping to fuse DC3's forensics capability
with the National Counter Intelligence Center and the law enforcement community.

Cyber coordinator

—

Howard Schmidt is the White House cybersecurity
coordinator. (Photo:WhiteHouse.gov)

The creation of the position in the White House
and within both the National
Security Council and National Economic Council was a recognition of both the
importance of cybersecurity and the threat the nation faces. It also lifted
cybersecurity to become an issue most senior managers recognized as important.

800-53 Integration

— DoD, the intelligence
community and
the National
Institute
of Standards and Technology worked together to interlock policies to
create the national risk management
framework. The special publication also showed how the government and private
sector could collaborate on security controls.

Continuous Monitoring

—

(Photo:Thinkstock)

The State
Department demonstrated how it could monitor its networks in near-real time and increase their security. For instance, State performed
world-wide patching of the Google security vulnerability within days. Agencies also are
submitting data feeds about the status of their networks to cyberscope.

Consensus Audit Guidelines

— Public and private
sector
experts agreed
upon the
20 steps that agencies and organizations can take
immediately to
close up holes in their networks and systems. The guidelines were drawn, in part,
from the Air Force's creation of a standardized desktop configuration. State also
showed the guidelines reduced its measured security risk by more than 94 percent
through the automation and measurement of the controls.

The Office of
Management and Budget transferred the operational authority of the Federal
Information
Management Act (FISMA) to DHS in July 2010. DHS now has a more active role in
FISMA oversight, will implement continuous monitoring, and uses blue and red teams
to ensure agency networks are secured. Additionally, DHS established the National
Cybersecurity and Communications Integration Center (NCIC) in 2009 as a
coordinated watch and warning center to address threats to the nation's critical
infrastructure.

National Level Cybersecurity Exercise

— DHS held
the first
cyber storm
in
February 2006 and three more since to prepare federal, state, local and private
sector organizations for the possibility of a cyber attack or other cyber problem. It also
has helped senior
officials better grasp the implications of a cyber attack.